Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2017-1000364

Published: 19/06/2017 Updated: 18/10/2018
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
CVSS v3 Base Score: 7.4 | Impact Score: 5.9 | Exploitability Score: 1.4
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

An issue exists in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and previous versions (the stackguard page was introduced in 2010).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Debian Security Advisories: DSA-3886-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-7487 Li Qiang reported a reference counter leak in the ipxitf_ioctl function which may result into a use-after-free vulnerability, triggerable when a IPX interface is configured CVE ...
Amazon Linux AMI: ALAS-2017-845
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4115 and earlier (the stackguard page was introduced in 2010) (CVE-2017-1000364) The offset2lib patch as used by the Linux Kernel contains a vulnerability, i ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support and Red Hat Enterprise Linux 66 Telco Extended Update SupportRed Hat Product Security has rated this update ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 59 LongLifeRed Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update Support and Red Hat Enterprise Linux 65 Telco Extended Update SupportRed Hat Product Security has rated this update as having a ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: Red Hat 3scale API Management Platform 2.0.0 security update
Synopsis Important: Red Hat 3scale API Management Platform 200 security update Type/Severity Security Advisory: Important Topic A security update for Red Hat 3scale API Management Platform 200 is now available from the Red Hat Container CatalogRed Hat Product Security has rated this update as having a ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: Red Hat Container Development Kit 3.0.0 security update
Synopsis Important: Red Hat Container Development Kit 300 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Container Development Kit 300Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 67 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 5 ExtendedLifecycle SupportRed Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring Sy ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 62 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: CVE-2017-1000364
A flaw was found in the way memory was being allocated on the stack for user space binaries If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase ...
Ubuntu Security Notice: linux-lts-trusty vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-aws vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-raspi2 vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-gke vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-hwe vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-lts-xenial vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-raspi2 vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-snapdragon vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux-raspi2 vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux regression
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Ubuntu Security Notice: linux vulnerability
The system could be made to run programs as an administrator ...
Arch Linux Issues:
A flaw was found in the way memory was being allocated on the stack for user space binaries If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase ...

Exploits

Exploit DB: Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File include Msf::Post::Solaris::Priv include Msf::Post::Solaris::System include Msf::Post::Solaris::Kernel incl ...

References

CWE-119https://www.suse.com/support/kb/doc/?id=7020973https://www.suse.com/security/cve/CVE-2017-1000364/https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txthttps://access.redhat.com/security/cve/CVE-2017-1000364http://www.securityfocus.com/bid/99130http://www.securitytracker.com/id/1038724https://kc.mcafee.com/corporate/index?page=content&id=SB10205http://www.debian.org/security/2017/dsa-3886https://access.redhat.com/errata/RHSA-2017:1712https://access.redhat.com/errata/RHSA-2017:1647https://access.redhat.com/errata/RHSA-2017:1616https://access.redhat.com/errata/RHSA-2017:1567https://access.redhat.com/errata/RHSA-2017:1491https://access.redhat.com/errata/RHSA-2017:1490https://access.redhat.com/errata/RHSA-2017:1489https://access.redhat.com/errata/RHSA-2017:1488https://access.redhat.com/errata/RHSA-2017:1487https://access.redhat.com/errata/RHSA-2017:1486https://access.redhat.com/errata/RHSA-2017:1485https://access.redhat.com/errata/RHSA-2017:1484https://access.redhat.com/errata/RHSA-2017:1483https://access.redhat.com/errata/RHSA-2017:1482https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_ushttps://kc.mcafee.com/corporate/index?page=content&id=SB10207https://www.exploit-db.com/exploits/45625/https://nvd.nist.govhttps://www.debian.org/security/./dsa-3886https://www.exploit-db.com/exploits/45625/https://usn.ubuntu.com/3335-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook